Combining Sociocultural Intelligence with Artificial Intelligence to Increase Organizational Cyber Security Provision through Enhanced Resilience
Naghmeh Sheykhkanloo
Round 1
Reviewer 1 Report
Overall
This paper, according to the abstract, aims at helping managers understand how AI can be used. The paper argues that adding this knowledge of AI to knowledge of thought processes improves cyber security provision. My first thought was that surely readers of big data and cognitive computing already have a reasonably strong grasp of ML and perhaps this paper is more appropriate for a journal targeted at managers.
The authors cogently argue the case for focusing on CTI in the background section SOCINT is described adequately in the following section, A non-technical description of AI and ML is provided next. This is the section that I feel needs most attention in terms of the BDCC audience.
Five themes are reported in the findings although it is unclear how these were selected. The authors gloss over the analysis and the themes. BDCC readers are less likely to understand the differences between grounded, template, and thematic analysis and may not be aware of the protocols. This may leave them with the feeling that the findings are cherry-picked from the transcript.
I list two main issues and two minor issues that need to be addressed.
Main issues
1. Description of AI (including ML)
If providing an overview of AI, then presenting the relationship and differences among AI, ML and DL is probably the best starting point. Currently, the text reads as though there are two entities AI and ML. In ML, the type of learning is just one of the many decisions that needs to be made. The quality and quantity of data is arguably more important than the type of learning. Concepts such as bias and representativity need to be accounted for. This also raises a number of ethical issues, since datasets tend to be biased (reflecting biases in the real world).
In Table 1 almost all the forms of learning are DL. I am left with the impression that the authors argue that managers just need to understand the differences between the three types of learning listed. I should note that semi-supervised is an extremely common form of learning although that is not mentioned. Although Table 1 is mildly interesting, I do not see how knowing which types of learning are used by which companies in non-CTI situations helps CTI. I also do not see why supervised learning is listed twice in column 1. Supervised learning is divided into three rows, but only two are given labels. Unsupervised learning divides into four rows, but only three are given labels. Centering the text for the final column makes it difficult for readers. I suggest justifying left for cells that are wide.
2. Details of sampling frame and data analysis
The researchers present findings derived from a group interview with five experts in security. However, there is no detail regarding the sampling or analysis protocol. The authors report their findings, but readers are left to guess whether the findings are representative of the group consensus, neither the frequency of mention nor the salience/weighting of the items are detailed. The specific themes identified in the transcripts should be listed. Did the authors use NVivo or corpus tools or what? Five themes are reported in the results. Readers will be left wondering whether these were cherry-picked. Showing how the themes were labelled, amended, merged, etc. would help readers follow your research more easily.
Minor issues
3. Transcript check
Focus groups frequently use member checks to ensure the veracity of summaries of discussions, but as the transcript is made from the audio file, I am unsure of the necessity to show the transcripts to the participants. A verbatim transcript of a 90-minute discussion may be around 12,000 words depending on pauses, speed, etc. Did the participants read that?
4. Envisaged audience
I am left with the feeling that the envisaged reader is a manager. Is that your intended audience? How can you frame this to better suit an audience of big data enthusiasts?
Author Response
Please see the authors' comments in the file attached.
Author Response File: 
Author Response.docx
Reviewer 2 Report
In this paper the authors “Combined sociocultural intelligence with artificial intelligence to increase organizational cyber security provision through enhanced resilience”.
A few comments to improve the paper:
ML is part of AI, so it is OK to just say “AI” OR “ML” rather than constantly repeating “AI and ML”.
Given the benefits of using ML, it is not well justified why ML is a good approach that managers need to get themselves familiar with? What are the other non-ML approaches that can be used but ML approaches outstand them?
Please provide more reflection on the results. For example, provide the questionnaire in appendix? At the moment the experiments part of the project is rather unclear.
It is good to have research questions (maximum three) at the start of the manuscript to clearly identify what questions this research is trying to answer.
There are some grammatical mistakes that needs to be fixed e.g., “managers can focus cyber threat intelligence”.
There are some very long sentences that needs to breakdown to smaller ones to convey the message in a better way.
Author Response
Please see the author's comments in the file attached.
Author Response File: Author Response.docx
Round 2
Reviewer 1 Report
Overall
I thank the authors for their detailed explanation of how this revised version addressed my comments. This greatly expedited the second round of revision. The authors have adequately addressed all the issues raised in the initial round of reviews; and, as such, I have no more objections to publication. This paper now has a more specific audience, a clear purpose, and a worthwhile message that is well argued and supported by evidence. I look forward to seeing the final version in press.
Below I list a few additional comments that the authors may want to address before submitting the final version.
Issues to consider for final submission
Table 1
I feel that this table is rather large and unwieldly for readers. As it does not fit on a single page, I found it difficult to gain a holistic overview. This could be solved by summarizing the details in the final column, or splitting the table into two separate tables, which is probably how I would present the information. Alternatively, should you feel that target readers would best appreciate the current format, then no change needs to be made.
Abbreviations
(CTI) is used after each usage of the full-form - 29 times!. If the full form is going to be used throughout the paper, then it seems redundant to repeatedly add the acronym. I understand that some readers dislike acronyms, but after the first few uses I suspect all readers will remember CTI, particularly given that this is a key theme throughout the paper. Other acronyms are introduced multiple times but are less frequently used.
Formatting issues
Margin on page one has an issue, and spacing between paragraphs within a section is not consistent.
Consistency
Both e.g, and eg. are used – perhaps as a result of joint authorship. Please select one form.
Line 217
organization, they are: à organization, which are OR organization. They are
Reviewer 2 Report
The authors applied the requested changes.
